- Jan 23, 2024
-
-
Rob Swindell authored
But continue initializing/running for other non-TLS protocol support.
-
- Jan 21, 2024
-
-
Deucе authored
-
-
- Jan 20, 2024
-
-
Deucе authored
Use cryptDestroySession() instead.
-
- Jan 16, 2024
-
-
Rob Swindell authored
Reported by Max (WESTLINE)... Introduced in commit 75c5c9e5, since we are now calling the set_state() callback periodically, and in sbbsctrl, it sets/resets the pause button checked (depressed) state in response to this callback (should it?), this was resetting the pause button checked/depressed state periodically (at the configured sem file check interval, default 2 seconds). The fix: if the new server state is the same as the previously set server state, don't call the set_state() callback. I considered this as a potential optimization when I first wrote that commit, but didn't see any obvious downside to calling the set_state() callback redundantly. Now that I see a downside, let's implement this saving/checking of the state to avoid redundant "set" calls.
-
- Jan 13, 2024
-
-
Rob Swindell authored
We have checks/loops/timeouts waiting for active clients to disconnect and child threads to terminate whenever shutting down or recycling already, so this should be safe. This pretty simple change fixes issue #236 (can't terminate server under heavy load). Also as part of this commit, introduced the ability to "pause" a server (prevent it from accepting new connections) with the ctrl/pause semaphore file or via the MQTT server/pause (and resume) topics. This feature is useful when debugging server issues where you don't necessarily want to fully shutdown/terminate the server, but don't want any new connections to be accepted (the listen backlog will fill up with incoming connections though). Unlike a server shutdown, a server pause can be "undone" via MQTT (by publishing a message to the "resume" topic). The "pause" semaphore file is just an "existence" semaphore file - its date/time stamp doesn't matter. If the file exists, the server will enter a paused state (and periodically log messages to that fact) until the semfile is deleted. This server pause feature is not the same as the pause button function in sbbsctrl, which just pauses server log output.
-
- Jan 08, 2024
-
-
Rob Swindell authored
-
- Dec 29, 2023
-
-
Rob Swindell authored
The Global Login Requirements (default: blank) are used for any server that doesn't have it explicitly set. This resolves issue #666 (the issue of the beast) for Keyop.
-
Rob Swindell authored
e.g. User.downloaded_file() will now publish to the appropriate MQTT topic and changes to system.node_list[] will get published to MQTT.
-
- Dec 21, 2023
-
-
Rob Swindell authored
The JS objects will still log to the terminal server (regardless of which server created/used the objects) however - so that's still a TODO. Change do_cryptInit() to return bool, since it does. Log detailed error if pthread_once() call fails. Lowered-severity (to DEBUG) the log messages related to TLS private key and cert creation and destruction. First commit from within MSVS, so this might look weird.
-
- Dec 20, 2023
-
-
Deucе authored
Private key objects in cryptlib are not copied into sessions when they're added, only the refcount is incremented. These objects contain a bignum context, which therefore ends up shared across all instances of the private key. Unfortunately, the locking is on the session context, not the private key objects, so shared bignum contexts can cause memory corruption. Further, even if the locking issue was fixed, the performance handbrake would still exist... activating sessions that use the same private key would be serialized, with the results we've been seeing lately. With this, each session gets a unique private key, which is loaded from the file. When a session is finished with the key, it is cached in a list with an epoch, so when the date on the key file changes, old private keys will be eliminated. While this solves a lot of issues, logging of certificate generation and loading issues has regressed to the point where it's effectively not done at all. Logging was previously passed back to the caller, but given the much longer call chain to get to where a cert is created, the extra parameters were just too much. Something better should be done here at some point.
-
- Dec 19, 2023
-
-
Deucе authored
We'll hold a reader lock until the session is established, which should prevent blocking other threads unless something is beating on get_ssl_cert() (which would be a different bug). This still needs to be figured out, but at least this should fix the immediate issue.
-
Deucе authored
Holding the lock around session establishment should not be needed, but we need to protect tls_certificate read and usage. Since we don't have rwlocks in xpdev (yet?), hack together a crappy rwlock that does what we need.
-
Rob Swindell authored
Also, remove "CONSECUTIVE", which doesn't really make sense when the number of login attempts is 1.
-
- Dec 18, 2023
-
-
Rob Swindell authored
More readable/friendly log messages and ip.can reason strings
-
Rob Swindell authored
-
Rob Swindell authored
Now a sysop can "perm block" a client (IP address) for a limited amount of time rather than always forever. Add more displays of the ip.can details when actively blocking a client. Moved twit/trash functions from userdat.c to trash.c
-
- Dec 17, 2023
-
-
Rob Swindell authored
I wanted a couple of features for filters (e.g. blocked IP addresses):
  - expiration date, optionally (only block for a limited time)
  - display details of reason for filter in log messages (at time of block)
I've been thinking for some time that these files should be converted to .ini, but then it occurred to me that I could do a sort of hybrid where the metadata was key/value pairs tab-delimited from the search-pattern (first text on the line). This is backward compatible, relatively easy to view/edit by hand, and extensible (easy to add/remove metadata fields in the future). So they'll remain as text/*.can files. The maximum line length for findstr/trashcan parsed files extended from 255 to 1000 characters. Moved all trashcan-related functions from scfglib1.c to (new file) trash.c. For the first time, I actually tested a build on WSL *before* committing to Git. So, this *should* pass CI the first time. :-O
-
Rob Swindell authored
-
Rob Swindell authored
... especially around incoming connection acceptance, blocked-IPs/hostnames
-
- Dec 16, 2023
-
-
Rob Swindell authored
-
Rob Swindell authored
Many searches are done (e.g. in the mail server, QWK import) for either of 2 strings in single file or list, so let's optimize that to a single iteration through the file/list. This should reduce some redundant file I/O. I do find this API a little confusing with the filename or list at the end of the argument list, but kept it consistent with the existing single string findstr functions (which are now just wrappers for the new 2-string flavors). I noticed during this update that findstr() did not share the same behavior as findstr_in_list() (feature added in commit f08f2137) whereby if all the patterns were negative searches (beginning with '!'), then *all* the negative matches would have to be successful (not just the first) for the function to return true. So now findstr() behaves like findstr_in_list() in this regard. I also added some optimizations to findstr_in_string().
-
- Dec 15, 2023
-
-
Rob Swindell authored
Using "Warning" log levels more for things that the sysop might be able to do something about. If it's just an input data validation (from a random TCP/IP client), use "Notice" log level instead. The terminal server log output is still the odd ball.
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
The time span over which consecutive failed logins are attempted is important
-
Rob Swindell authored
The log format and details might need some adjustment, but this is a start. Also, don't delay 3 seconds before disconnecting socket when mail server has reached maximum number of clients - we should immediately release resources (the socket) and be able to accept another connection ASAP instead. Deal with new CID 470557 and 470554 in mail server: resource (file*) leaks in error paths (corner case). Set minimum severity of TLS messages in web server to INFO. Debug-level would hide some common TLS session errors.
-
- Dec 14, 2023
-
-
Rob Swindell authored
The base64-encoded credentials can either be supplied with the AUTH PLAIN command or in response to a 334 server-challenge. We only supported the former form and logged a warning ("Missing AUTH PLAIN argument") when we received the latter. No warning is logged now and the appropriate server-challenge is sent and the response accepted and base64-decoded and parsed as before.
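The two AUTH PLAIN forms named in this commit message, as an added C example that is not taken from the Synchronet source: the names `plain_auth`, `b64_decode`, `parse_plain` and `auth_plain_line` are hypothetical, and the credential layout (authzid NUL authcid NUL passwd) is the one RFC 4616 defines. Every length is checked because all of this input comes from an unauthenticated client.

```c
#include <string.h>
#include <strings.h>
struct plain_auth { int awaiting; char user[64]; char pass[64]; };

/* Decode base64 text into out; returns byte count, or -1 on bad input/overflow. */
static int b64_decode(const char *in, unsigned char *out, size_t outsz)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned acc = 0, bits = 0;
    size_t n = 0;
    for (; *in != '\0' && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (p == NULL || n >= outsz) return -1;
        acc = (acc << 6) | (unsigned)(p - tbl);
        if ((bits += 6) >= 8) out[n++] = (unsigned char)(acc >> (bits -= 8));
    }
    return (int)n;
}

/* Split "authzid NUL authcid NUL passwd" (RFC 4616); returns 0 on success. */
static int parse_plain(const unsigned char *buf, size_t len, struct plain_auth *a)
{
    const unsigned char *end = buf + len;
    const unsigned char *z1 = memchr(buf, 0, len);            /* ends authzid */
    const unsigned char *z2 = z1 ? memchr(z1 + 1, 0, (size_t)(end - z1 - 1)) : NULL;
    if (z2 == NULL) return -1;                                /* ends authcid */
    size_t ulen = (size_t)(z2 - z1 - 1), plen = (size_t)(end - z2 - 1);
    if (ulen == 0 || ulen >= sizeof a->user || plen >= sizeof a->pass) return -1;
    if (memchr(z2 + 1, 0, plen) != NULL) return -1;           /* stray NUL */
    memcpy(a->user, z1 + 1, ulen); a->user[ulen] = '\0';
    memcpy(a->pass, z2 + 1, plen); a->pass[plen] = '\0';
    return 0;
}

/* One client line in: 334 = send "334 " and wait, 1 = parsed (caller verifies), 501 = malformed, 0 = other. */
int auth_plain_line(struct plain_auth *a, const char *line)
{
    unsigned char buf[200];
    const char *b64 = line;                 /* second form: the line is the response */
    if (!a->awaiting) {
        if (strncasecmp(line, "AUTH PLAIN", 10) != 0) return 0;
        if (line[10] == '\0') { a->awaiting = 1; return 334; }
        if (line[10] != ' ') return 0;      /* some other mechanism name */
        b64 = line + 11;                    /* first form: initial response */
    }
    a->awaiting = 0;
    int len = b64_decode(b64, buf, sizeof buf);
    return (len < 0 || parse_plain(buf, (size_t)len, a) != 0) ? 501 : 1;
}
```

A client that cancels the challenge with `*` falls out as 501, because `*` is not valid base64.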
-
Rob Swindell authored
And fix some use of CRYPT_UNUSED instead of cryptlib session ID.
-
Rob Swindell authored
My mail server was suddenly and inexplicably creating thousands of SMTPS client threads, each with a unique remote IP address, and each eventually failing with the rather obscure log message (from cryptlib):
    dbg 'Cannot read item from object' (-41) setting session active
Eventually (after not long, really), the server would run out of resources and fail in weird and wonderful ways (can't malloc, can't create JS runtime or context, etc.). The max_clients limit (100, as I have it set) wasn't being effectively-imposed on SMTPS connections. The root-cause: the active_clients (counter) wasn't incremented until *after* the cryptlib/TLS setup for SMTPS connections and SMTPS/TLS connections can take a long time to fail, resulting in a vulnerability to an effective denial of service attack. Raise the minimum severity of all cryptlib/TLS log messages from Debug to Info. Create wrappers for smtp_thread() [now smtp_client_thread()] and pop3_thread [now pop3_client_thread()] that handle basic resource management (thread counters, active client counters, the client socket).
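The ordering this commit message describes, as an added C sketch that is not the Synchronet code: the client slot is reserved before any TLS work and given back by a wrapper on every exit path, so connections that are slow to fail still count against the limit. All function names are hypothetical; only the limit of 100 and the -41 status are taken from the message above.

```c
#include <stdatomic.h>
#include <stdbool.h>

static atomic_uint active_clients;        /* slots currently reserved */
static const unsigned max_clients = 100;  /* the limit quoted in the commit message */

/* Reserve a slot at accept time, before any TLS work. Compare-and-swap keeps
 * the limit check and the increment atomic across concurrent accept paths. */
bool client_admit(void)
{
    unsigned cur = atomic_load(&active_clients);
    while (cur < max_clients)
        if (atomic_compare_exchange_weak(&active_clients, &cur, cur + 1))
            return true;
    return false;
}

void client_release(void) { atomic_fetch_sub(&active_clients, 1); }
unsigned clients_now(void) { return atomic_load(&active_clients); }

typedef int (*session_fn)(int sock);  /* hypothetical: TLS setup plus protocol session */

/* Constructed stand-ins so the example runs without a network. */
int sockets_closed;
void close_socket(int sock) { (void)sock; sockets_closed++; }
int failing_tls_session(int sock) { (void)sock; return -41; }  /* handshake error */

/* Wrapper: holds the slot for the connection's whole life and always gives
 * back both the slot and the socket, whatever the session returns. */
int serve_client(int sock, session_fn session)
{
    if (!client_admit()) {       /* over the limit: refuse right away */
        close_socket(sock);
        return -1;
    }
    int rc = session(sock);      /* may take a long time to fail */
    close_socket(sock);
    client_release();
    return rc;
}
```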
-
- Dec 03, 2023
-
-
Rob Swindell authored
'T' command from the reading messages (O)perator menu. Abstract the twit-list usage.
-
- Nov 26, 2023
-
-
Rob Swindell authored
The user name is better to log than the user number. Include user name in brackets.
-
- Nov 01, 2023
-
-
Rob Swindell authored
Fixes issue #670
-
- Jun 09, 2023
-
-
Rob Swindell authored
So Clang-FreeBSD was warning (in compiles of scfg/scfg*.c by Deuce):
    result of comparison of constant 100000 with expression of type 'uint16_t' (aka 'unsigned short') is always true
Why? Cause a uint16_t's max value is 65535 (less than 100000). Sure we could have just lowered the UIFC max number of config items to 65535, but that would have been too easy. And why are these compared-with values of type uint16_t to begin with? Because most ctrl/*.cnf lists (of configuration items) were limited to 65535 entries cause ... 16-bit DOS, historically. Now that *.cnf files aren't used, we could just increase these scfg_t.*_total type sizes from 16 to 32-bits, yeah? The result is this commit. I went to (signed) int so we could still keep -1 as the special illegal sub/dir num value (e.g. INVALID_SUB, which is sometimes used to indicate the email message base). Theoretically, 2 billion configuration items could be supported in these lists, but SCFG will limit you to 100000 anyway. So there's a whole lot of s/uint/int in this commit. I'd be very surprised if this doesn't result in some new GCC/Clang warnings, but at least the old "comparison of constant 100000" warnings are now gone!
-
- Jun 04, 2023
-
-
Rob Swindell authored
Or even weirder, u_long? And dereffing a ulong/u_long pointer where you expect to find an IPv4 address? Yet even weirder still. Fix that spit: It appears in_addr_t is defined on all platforms (?), so use that type instead.
-
Rob Swindell authored
No known sightings of these sites actually being the location of a segfault, but as we learned from the segfaults in rblchk(), the first entry in the h_addr_list can be NULL in some cases.
-
Rob Swindell authored
-
Rob Swindell authored
I'm not sure why this one only started popping up now, but h_addr_list is a NULL-terminated list and it makes perfect sense that the first entry could be the NULL-terminator. gethostbyname is obsolete/deprecated and we should address that in a separate commit.
-
Rob Swindell authored
A bunch of possible (but often, not really) use of undefined values. Some ignored return values (e.g. of chsize/ftruncate, read, write, fgets). Other than some added diagnostics upon some of these unexpected syscall failures, there should be no change in behavior from this commit.
-
- May 30, 2023
-
-
Rob Swindell authored
The notification of offline users was removed from the mail server 13 years ago (commit 729eb16b) without a lot of fanfare or explanation. Add an option for notification of offline users (in addition to online users) for those sysops that want that behavior. Use the userdat is_user_online() function in place of the getnodedat() loop, which also wasn't considering nodes in "logon" status as having a user online.
-